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DETAILED ACTION 

Claims 1-88 are pending. 

The IDS filed 4/8/2008 has been seen and considered by the examiner. 

Below, Examiner has pointed out particular references contained in the prior 
art(s) of record in the body of this action for the convenience of the applicant. Although 
the specified citations are representative of the teachings in the art and are applied to 
the specific limitations within the individual claims, other passages and figures may 
apply as well. Applicant should consider the entire prior art as applicable as to the 
limitations of the claims. It is respectfully requested from the applicant, in preparing the 
response, to consider fully each reference in its entirety as potentially teaching all or 
part of the claimed invention, as well as the context of the passage as taught by the 
prior arts or disclosed by the examiner. 



Double Patenting 

1. The nonstatutory obvious-type double patenting rejection is withdrawn in view of 
Terminal Disclaimer filed 12/19/2007 between the instant application and Application # 
10/687217. 

2. Claims 10-20, 30-40, 50-60, and 78-88 are rejected on the ground of 
nonstatutory obviousness-type double patenting as being unpatentable over Claims 1- 
11, 22-32, 43-53, and 64-74 of copending Application No. 10/687415, hereafter "415". 
Although the conflicting claims are not identical, they are not patentably distinct from 
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each other because they either recite a concomitance of the claim features, or they are 
obvious modifications. 

Claims 10, 30, 50, and 78 of the instant application correspond to Claims 1 , 22, 
43, and 64 of '415 respectively. The limitations of the instant application are 
encompassed by '21 7 as follows: 

• A method for digital content access control, comprising: receiving, by a 
rights locker provider, a rights locker enrollment request from a user 
device associated with a user, said rights locker enrollment request 
comprising a digital content request and enrollment authentication data 
(instant application) corresponds directly to A method for digital content access 
control, comprising: receiving, by a rights locker provider, a rights locker 
enrollment request from a user device associated with a user, said rights locker 
enrollment request comprising a digital content request and enrollment 
authentication data ('415). 

• determining, by said rights locker provider, whether said user is 
authorized, said determining comprising determining the rights of said 
user to access said rights locker and the rights of said user to digital 
content specified by said digital content request (instant application) 
corresponds directly to determining, by said rights locker provider, whether said 
user is authorized using said enrollment authentication data, said determining 
comprising determining rights of said user to digital content specified by said 
digital content request wherein said rights locker provides (1) a description of a 
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user's access rights for digital content; and (2) controlled access to said 
description ('41 5). 

• wherein upon said determining finding said user is authorized, initializing, 
by said rights locker provider, said rights locker with rights to said digital 
content (instant application) corresponds directly to if said user is authorized, 
initializing, by said rights locker provider, said rights locker with rights to said 
digital content ('415). 

• obtaining, by said rights locker provider, one or more tokens that 
authenticate future access to a rights locker corresponding to said digital 
content (instant application) corresponds directly to obtaining, by said rights 
locker provider, a new token that authenticate future access to said rights locker 
corresponding to said digital content ('415). 

• creating, by said rights locker provider, one or more authenticated rights 
locker access requests based at least in part on said one or more tokens 
(instant application) corresponds directly to creating, by said rights locker 
provider, one or more authenticated rights locker access request based at least 
in part on said new token ('415). 

• sending, by said rights locker provider to said user device over a network, 
said one or more authenticated rights locker access requests (instant 
application) corresponds directly to sending, by said rights locker provider, said 
authenticated rights locker access request over a network to said user device 
('415). 
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• receiving, by said rights locker provider from said user device over said 
network, an indication of a user selection of one of said one or more 
authenticated rights locker access requests; and accessing the contents of 
said rights locker according to a type of said rights token associated with 
said user selected one of said one or more authenticated rights locker 
access requests would have been an obvious next step in '415. It is well known 
in the art to select a desired content to access and receiving said content in 
response. 

Claims 11-20, 31-40, 51-60, and 79-88 of the instant application correspond 
directly to Claims 2-1 1 , 23-32, 44-53, and 65-74 of '415 respectively. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-3, 6, 10-12, 15, 21-23, 26, 30-32, 35, 41-43, 46, 50-52, 55, 61-63, 66- 
74, 78-80, and 83 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Buhse et al. (US 2004/0024652), hereafter "Buhse" in view of Murphy et al. (US 
6,226,744), hereafter "Murphy". 
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Considering Claims 1, 21, 41, and 61, Buhse discloses a method for digital 
content access control (Fig. 6A, Fig. 6B, [0002]), comprising: determining, on a user 
device, digital content to be made accessible via a rights locker (Fig. 6B, [0048]); 
determining, on said user device, enrollment authentication data ([0165], [0171]); 
sending, from said user device to a rights locker provider over a network, a rights locker 
enrollment request to a rights locker provider (Fig. 6B, [01 64], [01 71 ]); said rights locker 
enrollment request comprising a digital content request and said enrollment 
authentication data ([0048], [0052], [0164], [0171]); receiving, on said user device from 
said rights locker provider over said network, an indication of a selection of one of said 
one or more authenticated rights locker access requests ([0077]-[0079], [0091])); 
sending, from said user device to a rights locker provider over said network, said 
authenticated rights locker access request to a rights locker provider ([0091]); and 
receiving, on said user device from said rights locker provider, in response to said 
sending said selected authenticated rights locker access request, a result including at 
lease an authenticated digital content request ([0054], [0063]). 
Buhse does not explicitly disclose receiving, on said user device, one or more 
authenticated rights locker access requests in response to said sending, said one or 
more authenticated rights locker access requests for subsequent use in accessing 
digital content associated with said rights locker. Buhse does suggest subscriptions 
which would implicitly define a one time only authentication ([0132]-[0135]). 
Murphy discloses receiving, on said user device, one or more authenticated rights 
locker access requests in response to said sending (column 5- lines 55-60), said one or 
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more authenticated rights locker access requests for subsequent use in accessing 
digital content associated with said rights locker (column 7- lines 26-28, column 6- lines 
56-61), sending, from said user device, said authenticated rights locker access request 
to a rights locker provider (column 3- lines 35-36). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the teachings of Buhse by authenticated rights 
locker enrollment requests (i.e. tokens) for subsequent use in accessing digital content 
as taught by Murphy in order to provide a user with a system that requires 
authentication only once (Murphy- column 6- lines 56-60). 

Considering Claims 10, 30, 50, and 78, the combination of Buhse and Murphy 
discloses a method for digital content access control (Buhse- Fig. 6A, Fig. 6B, [0002]), 
comprising: receiving, by a rights locker provider, a rights locker enrollment request 
from a user device associated with a user (Buhse- [0165], [0171]), said rights locker 
enrollment request comprising a digital content request and enrollment authentication 
data (Buhse- [0048], [0052], [0164], [0171]); determining, by said rights locker provider, 
whether said user is authorized (Buhse- [0061], Murphy- column 6- lines 43-60), said 
determining comprising determining the rights of said user to access said rights locker 
and the rights of said user to digital content specified by said digital content request 
(Buhse- [0079], Murphy- column 6- lines 1-7); wherein upon said determining finding 
said user is authorized, initializing, by said rights locker provider, said rights locker with 
rights to said digital content (Buhse- [0091]); obtaining, by said rights locker provider, 
one or more tokens that authenticate future access to a rights locker corresponding to 
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said digital content (Murphy- column 5- lines 55-60, column 6- lines 56-61); creating, by 
said rights locker provider, one or more authenticated rights locker access requests 
based at least in part on said one or more tokens (Murphy- column 5- lines 55-60); 
sending, by said rights locker provider to said user device over a network, said one or 
more authenticated rights locker access requests (Murphy- column 3- lines 35-36); 
receiving, by said rights locker provider from said user device over said network, an 
indication of a user selection of one of said one or more authenticated rights locker 
access requests (Buhse- [0048], [0056]); and accessing the contents of said rights 
locker according to a type of said rights token associated with said user selected one of 
said one or more authenticated rights locker access requests (Buhse- [0091], Murphy- 
column 7- lines 22-28, accessing, by said rights locker provider, content based on the 
SSN is shown, it is also shown that this could be done using tickets, certificates, or keys 
which can be read as tokens). 

Considering Claims 2, 11, 22, 31, 42, 51, 62, and 79, the combination discloses 
digital content request comprises a request for initializing said rights locker with rights to 
specified digital content (Buhse- [0154]-[0161], Murphy- column 3, lines 35-36). 

Considering Claims 3, 12, 23, 32, 43, 52, 63, and 80, the combination discloses 
enrollment authentication data comprises: rights locker access authentication data for 
determining what rights, if any, a user of said user device has to access said rights 
locker; and rights content access authentication data for determining what rights, if any, 
said user has to digital content associated with said rights locker (Buhse- [01 54]-[01 61], 
Murphy- column 6, lines 43-47). 
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Considering Claims 4, 13, 24, 33, 44, 53, 64, and 81, the combination discloses 
rights locker access authentication data comprises payment for use of a rights locker 
service (Buhse- [0157]-[0159]). 

Considering Claims 5, 14, 25, 34, 45, 54, 65, and 82, the combination discloses 
rights content access authentication data comprises payment for rights deposited in 
said rights locker (Buhse- [0157]-[0159]). 

Considering Claims 6, 15, 26, 35, 46, 55, 66, and 83, the combination discloses 
enrollment authentication data comprises a reenrollment key determined in a previous 
enrollment request for said rights locker, said reenrollment key for supplementing or 
replacing enrollment authentication data of said previous enrollment request (Buhse- 
[0123-[0131], Murphy- column 6, lines 56-61, column 7, lines 22-28). 

Considering Claims 7, 18, 27, 38, 47, 58, 75, and 86, the combination discloses 
storing at least part of said one or more authenticated rights locker access requests in a 
bookmark on said user device (Buhse- [0181]-[0190]). 

Considering Claims 16, 36, 56, and 84, the combination discloses determining 
comprises determining whether said user is entitled to become an enrolled user based 
at least in part on whether payment for use of the rights locker service succeeds 
(Buhse- [0157]-[0159]). 

Considering Claims 17, 37, 57, and 85, Murphy does not disclose determining 
whether an enrolled user is entitled to populate said rights locker with rights to said 
digital content based at least in part on whether payment for said rights succeeds 
(Buhse- [0157]-[0159]). 
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Considering Claim 67, the combination of discloses apparatus comprises a 
smart card (Murphy- abstract, lines 1-5). 

Considering Claims 68-74, the combination does not explicitly disclose a wide 
range of different types of smart cards. 

Murphy does suggest a smart card is a device that is typically the size of a credit card, 
having a microprocessor and limited storage memory (column 2, lines 46-48). 

Therefore, Official Notice is taken that it would have been obvious at the time of 
the invention to use the combination with the wide range of different types of smart 
cards for the benefit of having a system that is usable on a wide variety of designs and 
platforms. 

4. Claims 8, 19, 28, 39, 48, 59, 76, and 87 are rejected under 35 U.S.C. 1 03(a) as 
being unpatentable over Buhse and Murphy in view of Steven W. Disbrow. Use 
cookies to maintain state in Web applications. Active Server Developer's Journal. 
Louisville: Sep 2000. Vol. 4. Iss. 9; pg. 7, 3 pgs. Hereafter "Disbrow." 

Considering Claims 8, 19, 28, 39, 48, 59, 76, and 87, the combination does not 
explicitly disclose one or more authenticated rights locker access requests are 
embedded in a Web cookie. 

Disbrow discloses one or more authenticated rights locker access requests are 
embedded in a Web cookie (Full Text, If 3, lines 2-4). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the combination by using cookies to imbed 
personal information as taught by Disbrow for the benefit of remembering a particular 
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visitor so that forms he filled out, selections and preferences he made, and other 
personalized information wouldn't have to be re-entered each time he visited the site 
(Disbrow- Full Text, If 3, lines 2-4) 

5. Claims 9, 20, 29, 40, 49, 60, 77, and 88 are rejected under 35 U.S.C. 1 03(a) as 
being unpatentable over Buhse and Murphy in view of Weissman (US 2002/0156905), 

hereafter "Weissman." 

Considering Claims 9, 20, 29, 40, 49, 60, 77, and 88, the combination does not 
disclose one or more authenticated rights locker access requests are encapsulated in 
an HTTP Response message. 

Weissman discloses one or more authenticated rights locker access requests are 
encapsulated in an HTTP Response message ([0035] lines 10-22, [0036]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the combination by encapsulating user 
authentication information in a http response message as taught by Weissman for the 
benefit of appending authentication credentials stored in the logon database and other 
information extracted from the previously received HTTP responses. 

Response to Arguments 

Applicant's arguments filed 4/29/2008 have been fully considered but they are 
not persuasive. 

With respect to applicants arguments that the combination fails to teach 
"determining, on an end-user device, digital content to be made accessible via a rights 
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locker." Examiner directs the applicant to Buhse- [0098]. Buhse discloses a consumer 
purchases a digital product and checking out after providing payment information. 
Therefore, the user determines content to be made accessible (i.e. the user selects a 
product to buy) and then checks out (i.e. making said product accessible to the user). 

With respect to applicants argument that no motivation was provided to combine 
the 2 cited references. Examiner directs the applicant to p. 1 0 If 4 of the Office Action 
dated 1/24/2008. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the teachings of Buhse by authenticated 
rights locker enrollment requests (i.e. tokens) for subsequent use in accessing 
digital content as taught by Murphy in order to provide a user with a system that 
requires authentication only once (Murphy- column 6- lines 56-60). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Randal D. Moran whose telephone number is 571-270- 
1255. The examiner can normally be reached on M-F: 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/R. D. M./ 

Examiner, Art Unit 2135 



7/30/2008 
/KimYen Vu/ 

Supervisory Patent Examiner, Art Unit 2135 



